Updating Password by User ID

I

IPSE

Member
Hi,

We've just purchased Xenforo to replace vBulletin - it's really quick so far so we're very pleased.

I was wondering how to update a user's password through PHP programmatically. We have the user ID of course, so I'm just wondering if the hashing mechanism has changed since this post here: http://xenforo.com/community/threads/password-formula.32191/?

I've tried using SHA256 (the PHP environment does have the 'hash' module available to itself), but if I insert the new serialized data and then try to authenticate that doesn't work.

Any tips / guidance would be appreciated.

Thank you.

-Kevin
 
Why do you need to concern yourself with any caching mechanism at all?

XenForo includes the ability to change passwords in the Admin CP. Surely some existing code must exist to make it easier...?
 
Hi Chris,

Thank you for your quick reply.

To put this into some context, we have a Drupal web site which a user logs in with to authenticate. When they do so successfully, we'd like to update their Xenforo password with the same hashed password and log them into the forum software in the background. I have this piece of the puzzle ready, just need guidance about how to update the user's password by ID.

Thanks,

-Kevin
 
Do you have access to the unhashed password at this time? Or only the hashed version?
 
Hi,

When a user logs into the main web site we have an unhashed password, albeit over SSL. My plan at this point was if the user successfully authenticates into the main site to then use this password to update the Xenforo password (after it's been hashed etc.) in the background to achieve what appears to be a single sign-on.

Thanks,

-Kevin
 
Ok.

There's a function which may help, it's basically the way a user's password is set based on an unhashed input. So it may not completely solve the problem, but it will certainly give you a view of the process of setting a password.

If you look at library/XenForo/DataWriter/User.php :: setPassword

Hope it helps.

To answer your earlier question, the default authentication method has changed somewhat:

Mike said:
New password storage: Bcrypt
1.2 introduces a more secure password storage method known as bcrypt. Most hashing schemes are designed to be fast, which makes them unsuitable for password storage. Bcrypt is intentionally slow and is also tunable so it can do more work over time as computers become faster.

Whenever a user logs in, their password will automatically be upgraded to the bcrypt format.
Click to expand...

What I'm trying to do is steer you in the right direction of the existing code within XenForo so you aren't re-inventing the wheel.
 
Chris,

This looks perfect - thank you. And I'd much prefer to use Xenforo's method of handling this type of things; saves me having to review code during updates etc.

I'll write back later with an update as to how it went.

Thanks,

-Kevin
 
You must log in or register to reply here.

Similar threads

S
XF 2.1 How to find the entry from xf_session table by user-id?
Replies
0
Views
138
sajal
S
M
  • Question Question
XF 2.2 filter threads by user id like it can be done by prefix id
Replies
1
Views
434
Bob
Bob
threadloom
XF 1.5 Question on retrieving node permissions by user group instead of user id
Replies
2
Views
731
threadloom
threadloom
S
load user name by user id in template
Replies
2
Views
1K
sajal
S
JamesBrown
  • Question Question
XF 1.5 Find by User ID
Replies
1
Views
982
Paul B
P
Back
Top Bottom